FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
mbernatek
Staff
Staff
Description
The DKIM key has to be generated on FortiMail and file with pre-configured DNS TXT record is made available for download. There is no way however to change any parameter for the DKIM key generation.

Example of downloaded file:
test._domainkey IN TXT ("t=y; k=rsa; p=" "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH83XJcrIv8PRDkmCDh0kq5SyCeo7U3UTsLEP
zjOxU/tHojPZ3av/5JNRGVwuEppzXUI0DE+q+qUgpiICXqbbdZpurVz9qPEfyikWpuDxeSmJb5ioUap4OenHOFEM+/UV42B7DCrytXgo+o5btV0sn0eoquR""VK4Hzuixw+uQTuzRlGnBqv0FbUgVBJwYSX9DZdlGjvvmJ
f93rZaLhnXzPVUc+PH5JndZkPi6ScM+ZYkaspcCXC5VY1+ZRd16HO1hSgyrE7ciLfiZ9T3oXsNu92
DLX22+oj+k0v5Io7t63IgpyKc3TI9hQL7oNy07MKdGrNRsDOMWgEBguvP1Qa+2QwIDAQAB")

Consult the Fortimail Admin Guide in the Fortinet Document Library for more information about DKIM configuration.

In some cases DNS TXT record does not work when inserted to DNS server. With some online validating tools errors for this DNS TXT record can be seen, for example “This is not a good DKIM key record”.

Solution
The maximum single string length of a TXT record is limited to 255 bytes. If the string of a TXT record is longer then the TXT record will not be valid.

As defined in RFC1035, a DNS TXT  record  can be composed of more than one string. FortiMail creates the DKIM key exactly in this way. The TXT record consists of several string parts enclosed in parenthesis, effectively making the TXT record longer than 255 bytes.

This is description in RFC 4408.

To fix the issue the proper configuration has to be done on DNS server side.

Contributors